MCP Identity
An identity exposed through a Model Context Protocol server, so any MCP-compatible client (Claude, Cursor, Windsurf, the Claude Agent SDK) can act as that identity by calling its primitives as tools.
What MCP identity is
Model Context Protocol (MCP) is an open standard for exposing tools, resources, and prompts to LLM clients. An MCP identity is an agent identity packaged as an MCP server: mail operations become tools the model can call, vault operations become typed functions, TOTP codes come back from a dedicated primitive. The client doesn't need to know anything about the underlying service — it just sees a tool surface.
The practical effect is that any client that speaks MCP inherits identity capabilities for free. Claude Desktop gains an email mailbox; Cursor gains a credential vault; a custom agent built on the Claude Agent SDK or OpenAI Agents SDK gains both — all by pointing at the same MCP server. No per-client integration code.
Why MCP is the right integration shape
Before MCP, every agent framework had its own tool format. Giving an agent email meant writing a framework-specific adapter: a LangChain Tool for LangChain, an OpenAI function schema for the Assistants API, a Python decorator for CrewAI. Each adapter drifted as upstream APIs changed; each had its own bugs.
MCP collapses this to one server. The framework adapter is now generic — load tools from any MCP server — and every tool-using model can consume the same surface. An identity exposed once over MCP works everywhere the model does.
Tool naming and namespacing
MCP clients typically namespace tools by server name. Loomal's server advertises mail.send, mail.list_messages, vault.get, vault.totp, and so on. In a client like the Claude Agent SDK, these become mcp__loomal__mail_send, mcp__loomal__vault_totp, etc. The model sees them as regular callable tools and doesn't need any special MCP awareness.
This namespacing matters when an agent uses multiple MCP servers — a Loomal server for identity plus a Postgres server for database access plus a GitHub server for repo operations, say. Tool names can't collide across servers, so the model can route correctly even with dozens of tools in context.
How Loomal's MCP identity works
Loomal ships an MCP server at @loomal/mcp (npm). It's launched as a subprocess by the client (stdio transport) or deployed as an HTTP service (SSE transport for edge runtimes). The server authenticates with a single LOOMAL_API_KEY; every tool call acts on the identity that key belongs to.
Rotating the agent requires rotating the MCP server's env — no client-side changes. Revoking the identity invalidates the key, and every client pointing at that server immediately loses access. This is the clean revocation property that makes MCP identity production-worthy.
Loomal primitives
mail.sendvault.getvault.totpidentity.whoamiBuild it
See it in production
More from the glossary
Agent 2FA (TOTP)
Time-based one-time password generation that lets an AI agent complete two-factor authentication on services that require it — without borrowing a human's phone or authenticator app.
Agent Vault
An encrypted credential store scoped to a single AI agent identity, holding API keys, OAuth tokens, and secrets the agent uses to authenticate with other services.
Agent-to-Agent Email
Using standard SMTP email as the transport between AI agents — one agent sends a message to another agent's mailbox, and the recipient reads and acts on it. The simplest interoperable A2A protocol that already exists.
Delegation Chain
A cryptographic record of who authorized an AI agent to act, what scopes were granted, and who any sub-agents inherit from. Severing the root revokes everything below it.
Build agents with their own identity.
Email, vault, and TOTP — provisioned in 30 seconds.
Get API Key — FreeLast updated: 2026-04-14